From ecb5bb4ed88a15bf8df2cfea3cf277c4ab6f02d8 Mon Sep 17 00:00:00 2001
From: Charles Gagnon <chgagnon@microsoft.com>
Date: Mon, 16 Aug 2021 12:59:18 -0700
Subject: [PATCH] Fix scan hits (#16788)

---
 .config/CredScanSuppressions.json                             | 4 ++++
 extensions/cms/src/cmsUtils.ts                                | 1 +
 .../platform/connection/test/common/connectionStore.test.ts   | 2 +-
 3 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.config/CredScanSuppressions.json b/.config/CredScanSuppressions.json
index 02049a6363..6e8424305b 100644
--- a/.config/CredScanSuppressions.json
+++ b/.config/CredScanSuppressions.json
@@ -16,6 +16,10 @@
         {
           "file": ".devcontainer\\devcontainer.json",
           "_justification": "Local development environment - not used in production"
+        },
+        {
+          "file": "extensions\\asde-deployment\\notebooks\\edge\\deploy-sql-edge-remote.ipynb",
+          "_justification": "Deployment Notebook - usernames/passwords are entered by user"
         }
     ]
 }
diff --git a/extensions/cms/src/cmsUtils.ts b/extensions/cms/src/cmsUtils.ts
index 12aa252910..5737276c32 100644
--- a/extensions/cms/src/cmsUtils.ts
+++ b/extensions/cms/src/cmsUtils.ts
@@ -32,6 +32,7 @@ export class CmsUtils {
 	private _cmsService: mssql.ICmsService;
 	private _registeredCmsServers: ICmsResourceNodeInfo[] = [];
 
+	// [SuppressMessage("Microsoft.Security", "CS002:SecretInNextLine", Justification="Used for unit testing, not actual valid credential")]
 	public async savePassword(username: string, password: string): Promise<boolean> {
 		let provider = await this.credentialProvider();
 		let result = await provider.saveCredential(username, password);
diff --git a/src/sql/platform/connection/test/common/connectionStore.test.ts b/src/sql/platform/connection/test/common/connectionStore.test.ts
index 09c1fdb0e1..9bba7eb96f 100644
--- a/src/sql/platform/connection/test/common/connectionStore.test.ts
+++ b/src/sql/platform/connection/test/common/connectionStore.test.ts
@@ -26,7 +26,7 @@ suite('ConnectionStore', () => {
 		serverName: 'namedServer',
 		databaseName: 'bcd',
 		authenticationType: 'SqlLogin',
-		userName: 'cde',
+		userName: 'cde', // [SuppressMessage("Microsoft.Security", "CS001:SecretInline", Justification="Mock value, never actually used to connect")]
 		password: generateUuid(),
 		savePassword: true,
 		groupId: '',